CVE-2016-5398 – stored XSS in JBoss BPM suite business process editor
https://notcve.org/view.php?id=CVE-2016-5398
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging permission to create business processes.
A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote authenticated attacker with the privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.
References:
  http://rhn.redhat.com/errata/RHSA-2016-1968.html
  http://rhn.redhat.com/errata/RHSA-2016-1969.html
  http://www.securityfocus.com/bid/93219
  https://bugzilla.redhat.com/show_bug.cgi?id=1358523
  https://access.redhat.com/security/cve/CVE-2016-5398
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-7034 – Dashbuilder: insecure handling of CSRF token
https://notcve.org/view.php?id=CVE-2016-7034
The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes it easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.
It has been reported that CSRF tokens are not properly handled in the JBoss BPM Suite dashbuilder. Old tokens generated during an active session can be used to bypass CSRF protection. In addition, the tokens are sent in the query string, so they can be exposed through the browser's history, referrers, web logs, and other sources.
References:
  http://rhn.redhat.com/errata/RHSA-2017-0557.html
  http://www.securityfocus.com/bid/92760
  https://access.redhat.com/errata/RHSA-2018:0296
  https://bugzilla.redhat.com/show_bug.cgi?id=1373347
  https://access.redhat.com/security/cve/CVE-2016-7034
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2016-7033 – bpms: stored XSS in dashbuilder
https://notcve.org/view.php?id=CVE-2016-7033
Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
JBoss BRMS 6 and BPM Suite 6 are vulnerable to stored XSS via dashbuilder. Remote, authenticated attackers with privileges to access dashbuilder (usually admins) can store scripts in several editable fields, which are not properly sanitized before being shown to other users, including other admins.
References:
  http://rhn.redhat.com/errata/RHSA-2017-0249.html
  http://www.securityfocus.com/bid/92762
  https://bugzilla.redhat.com/show_bug.cgi?id=1373344
  https://access.redhat.com/security/cve/CVE-2016-7033
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-6344 – JBoss bpms 6.3.x cookie does not set httponly
https://notcve.org/view.php?id=CVE-2016-6344
Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
It was discovered that JBoss BRMS 6 and BPM Suite 6 do not set the HttpOnly flag on sensitive cookies. Remote attackers can access these cookies using client-side scripts, usually through XSS.
References:
  http://rhn.redhat.com/errata/RHSA-2017-0248.html
  http://rhn.redhat.com/errata/RHSA-2017-0249.html
  http://www.securityfocus.com/bid/92714
  https://bugzilla.redhat.com/show_bug.cgi?id=1371807
  https://access.redhat.com/security/cve/CVE-2016-6344
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4999 – Dashbuilder: SQL Injection on data set lookup filters
https://notcve.org/view.php?id=CVE-2016-4999
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
A security flaw was found in the way Dashbuilder performed SQL dataset lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via a specially crafted string filter parameter.
References:
  http://www.securityfocus.com/bid/91795
  https://access.redhat.com/errata/RHSA-2016:1428
  https://access.redhat.com/errata/RHSA-2016:1429
  https://bugzilla.redhat.com/show_bug.cgi?id=1349990
  https://github.com/dashbuilder/dashbuilder/commit/8574899e3b6455547b534f570b2330ff772e524b
  https://issues.jboss.org/browse/DASHBUILDE-113
  https://access.redhat.com/security/cve/CVE-2016-4999
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')